Siebel 6 Integration w/ AD

I would like to know if I can achieve single sign on between SAP, Siebel 6 and Windows Active Directory=2E Currently, we are running on NT4 domains=2E Users logon to the network using the user logons from AD 2000 (which located elsewhere but trusted to our NT4 domains)=2E We maintain our own SAP and Siebel under NT4 domain environment=2E

Q:
Is there a way to acheive Single Sign On without touching the existing AD? Eg: build a new local AD that trusted the NT4 domains, then try integrate SAP and Siebel into this AD rather than exisitng AD=2E Is this achievable? It might need dual sign on, essentially, we wolud like to use single user sign on for all our ERP and CRM applications without having to administer the separate application logons which mean we still allow users to logon to the exisitng AD for file, printing and email services and the logged on user would have another "application logon ID" for all other application access=2E We have Sharepoint Portal Server 2001, can we use the portal as the medium for the Sign On?